This morning we received an inbound lead that asked us if our HIPAA Compliant Email service was compatible with their current email provider, iPage. This particular prospect is a residential treatment center in the Rocky Mountain region.
In previous posts, we’ve covered email providers like Gmail, Hotmail, Yahoo, GoDaddy, IPOWER and HostGator and their capabilities for HIPAA compliance. The purpose of this post is to determine if iPage offers HIPAA compliant email or not.
iPage and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked iPage’s User Agreement and quickly found our answer.
iPage clearly states they are not in the business of providing HIPAA compliant email services.
Here’s what their HIPAA Disclaimer says:
The Services do not comply with the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). You are solely responsible for compliance with all applicable laws governing the privacy and security of personal data, including medical or other sensitive data. You acknowledge that the Services are not appropriate for the storage or control of access to sensitive data, such as information about children or medical or health information. iPage does not control or monitor the information or data you store on, or transmit through, our Services. We specifically disclaim any representation or warranty that the Services, as offered, comply with HIPAA. Users requiring secure storage of “Protected Health Information” as defined under HIPAA are expressly prohibited from using this Service for such purposes. Storing and permitting access to “Protected Health Information,” is a material violation of this Agreement, and grounds for immediate account termination. iPage does not sign “Business Associate Agreements,” and you agree that iPage is not a Business Associate or subcontractor or agent of yours pursuant to HIPAA. If you have questions about the security of your data, please contact us by phone or chat.
Is iPage HIPAA Compliant?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate. If you are a covered entity and bound by HIPAA compliance regulations, iPage is not a suitable choice for email hosting.
Conclusion: iPage email is not HIPAA compliant.